Directory traversal and format string bug in Cisco Secure ACS
Any html, htm, class, jpg, jpeg or gif files can be remotely accessed. Format string bug can lead to remote server compromise...
GnuPG contains format-string vulnerability in handling of encrypted data filename
Overview Some versions of Gnu Privacy Guard GPG contain a format-string vulnerability from improper handling of filenames when decrypting files. Description GPG is an OpenPGP-compliant alternative to PGP to protect electronic communications using public-key cryptography. Versions of GPG prior to...
Format String Bug in Posadis DNS Server
Date: Mar 27 02 Me: kkr [email protected] Software: Posadis DNS Server http://sourceforge.net/projects/posadis/ Ver: m5pre1 Bug: bad fmt string usage in log function, may lead to remote access Word Life: the warez dude Overview: Posadis dns server is a small dns server without cache or resolving...
Bypassing libsafe format string protection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Name: libsafe Version: up to 2.0-11 URL: http://www.research.avayalabs.com/project/libsafe/ Author: Wojciech Purczyński [email protected] Date: March 14, 2002 Issue: ====== Libsafe provides ineffective protection against format string exploit attacks that...
format string vulnerability protection bypass in libsafe
Not all possible conversion flags are processed...
CVE-2001-1129
Format string vulnerabilities in (1) probuild, (2) dbutil, (3) mprosrv, (4) mprshut, (5) proapsv, (6) progres, (7) proutil, (8) rfutil and (9) prolib in Progress database 9.1C allow a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable...
CVE-2001-1208
CVE-2001-1208 describes a format-string vulnerability in DayDream BBS that allows remote code execution via format specifiers in a file containing a ~#RA control code. The entry lists a base score of 7.5 (HIGH) with network attack vector, low attack complexity, and no authentication required. The...
CVE-2001-1129
The CVE-2001-1129 entry covers multiple components of Progress database 9.1C (probuild, dbutil, mprosrv, mprshut, proapsv, progres, proutil, rfutil, and prolib). The vulnerability is a local format-string flaw in the PROMSGS environment file that allows a local user to execute arbitrary code. The...
CVE-2001-1208
Format string vulnerability in DayDream BBS allows remote attackers to execute arbitrary code via format string specifiers in a file containing a ~#RA control code...
FreeBSD-SA-02:15.cyrus-sasl
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:15 Security Advisory FreeBSD, Inc. Topic: cyrus-sasl library contains format string vulnerability Category: ports Module: cyrus-sasl Announced: 2002-03-12 Credits: Kari...
CVE-2001-0740
3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote attackers to cause a denial of service via a long string containing a large number of "%s" strings, possibly triggering a format string vulnerability...
CVE-2001-0717
CVE-2001-0717 is a format-string vulnerability in the ToolTalk RPC server rpc.ttdbserverd that permits remote command execution via syslog formatting. Public advisories (Sun, HP, IBM, SunOS/Solaris, AIX, SGI/IRIX, Xi Graphics, Caldera) describe vulnerable platforms and vendor patches. CORE/SECURE...
CVE-2000-0699
The CVE-2000-0699 entry concerns HP-UX 10.20’s ftpd with a format-string vulnerability in the PASS command. The underlying flaw allows a remote attacker to cause a denial of service or execute arbitrary commands through crafted PASS input, potentially enabling shell access as indicated by Nessus ...
CVE-2001-0522
The CVE-2001-0522 issue concerns GnuPG (GPG) versions 1.0.5 and earlier, where a format-string vulnerability in the do_get/tty_printf flow exposes the original encrypted-file filename to format-string processing. This can allow code execution with the privileges of the user decrypting the file. T...
CVE-2001-0717
Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function...
CVE-2001-0740
CVE-2001-0740 affects 3COM OfficeConnect 812/840 ADSL Router with OCR812 router software version 1.1.9 and earlier. The vulnerability is a potential format string flaw triggered by a long string containing many "%s" sequences, which can cause a denial of service via remote access. The connected d...
CVE-2001-0879
CVE-2001-0879 describes a format-string vulnerability in the C runtime functions used by Microsoft SQL Server 7.0 and 2000. The underlying issue is a format string handling flaw in the C runtime, which can allow an attacker to trigger a denial of service. The available connected documents confirm...
CVE-2000-0741
Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with a .XUDA extension...
CVE-2001-0522
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file...
CVE-2001-0690
CVE-2001-0690 describes a format-string vulnerability in Exim in batched SMTP mode that can let an unauthenticated remote attacker execute arbitrary code via format strings in SMTP headers. The entry specifies affected Exim versions: 3.22-10 (Red Hat), 3.12 (Debian), and 3.16 (Conectiva). Attack ...